Hi Julie <disclaimer> My 2 pence worth - I have no special insight except that I have successfully set up a site (on linux though) using LDAP for http (apache) authentication, and the LDAPGroup plugin for Trac, and fine grained SVN permissions via the same route as you. YMMV. </disclaimer>
My understanding (and it could be flawed as I am a comparative newbie) is the the groups in the svn path access files have no real meaning apart from giving you the ability to arbitrarily group users together in that file. The key here is that the User Name, as in 'Logged in as ...', is what you need to get right in the path auth file. There has to be a specific permission for that user, or a group in the path auth file must contain that user; groups in there have no mapping to the outside world. My advice to you is that you should get the permission system working with a few test users, then try adding them to a group and assign permissions to the group. Don't expect the CVN path auth file groups to map to anything 'real' in either trac or whatever other auth system they are using. The only other observation I would make is that when I was commissioning our system: Jim Page=rw Didn't work Jim Page = rw Did. Hope this helps. Cheers Jim -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Julie Tittler Sent: 10 June 2007 19:58 To: [email protected] Subject: [Trac] Re: Problems with SVN fine grained permissions in Trac .10.4 Does anyone have any other ideas on what might be wrong with my setup? Thanks, Julie Julie Tittler wrote: > I made those changes and restarted apache. Still no luck. Do the user > groups in svnaccess.conf need to match the user groups in Trac? I have > the user names matching. But roles groups in svn don't necessarily > translate to role groups in Trac. So I have the groups different. I > tried creating groups in Trac which match the groups in svn, and then > added those groups to the groups which have the correct Trac > permissions. Can you have subgroups in Trac? I couldn't figure out how > to make a group inherit from another group except for anonymouse and > authenticated, which they do automatically. Do I really need to give > individual rw permissions to each user in svnaccess.conf as opposed to > using groups? > > Thanks, > Julie > > Gaël Hérent wrote: > >> Hi Julie >> >> In your project trac.ini you should change authz_module_name = >> C:/Subversion/BDA to >> authz_module_name = BDA >> >> And your svnaccess.conf should look something like : >> [BDA:/] >> @whatever_group = rw >> user = rw >> .... >> >> Ga�l. >> >> >> Julie Tittler wrote: >> >> >>> Yes. It's me again. I'm still setting up this installation. The >>> problem...in the repo browser, I get "Insufficient permissions to view >>> /", even though the account is TRAC_ADMIN, and a corresponding user in >>> the svnaccess file has RW on the repo. I've gotten WebAdmin installed >>> and working. I've gotten TracPermissions working. I've tested the SVN >>> permissions using RapidSVN. But this is a show stopper. >>> >>> My system is using the following: >>> >>> Windows XP sp2 >>> Apache 2.0.59 >>> Trac .10.4 >>> SVN 1.4.3 >>> MOD_SSL 2.0.59 >>> OpenSSL 0.9.7 >>> Dav/2 >>> >>> I want to use the fine grained permissions SVN has to offer through the >>> authz stuff. All Trac and SVN stuff is through an HTTPS site using basic >>> authentication with a DBM file in Apache. Subversion tree looks like this: >>> >>> c:\Subversion\repo1 >>> c:\Subversion\repo2 >>> ..\project3 >>> ..\project4 >>> >>> The Trac stuff looks like this: >>> >>> c:\Trac\Repo1 >>> c:\Trac\project3 >>> c:\Trac\project4 >>> >>> Users in the svnaccess file match the users in Trac. Here are excepts >>> from relevant config files. >>> >>> ----------------- >>> global trac.ini >>> ----------------- >>> [trac] >>> authz_file = "C:/Program Files/Apache Group/Apache2/conf/svnaccess.conf" >>> base_url = >>> check_auth_ip = true >>> database = postgres://postgres:[EMAIL PROTECTED]/BDA >>> default_charset = iso-8859-15 >>> default_handler = WikiModule >>> htdocs_location = >>> ignore_auth_case = false >>> mainnav = wiki,timeline,roadmap,browser,tickets,newticket,search >>> metanav = login,logout,settings,help,about >>> permission_store = DefaultPermissionStore >>> repository_dir = c:\Subversion\BDA >>> repository_type = svn >>> # request_filters = <set in global trac.ini> >>> # templates_dir = <set in global trac.ini> >>> timeout = 20 >>> >>> ----------------- >>> project trac.ini >>> ----------------- >>> [trac] >>> authz_file = "C:/Program Files/Apache Group/Apache2/conf/svnaccess.conf" >>> authz_module_name = C:/Subversion/BDA >>> base_url = >>> check_auth_ip = true >>> database = postgres://postgres:[EMAIL PROTECTED]/BDA >>> default_charset = iso-8859-15 >>> default_handler = WikiModule >>> htdocs_location = >>> ignore_auth_case = false >>> mainnav = wiki,timeline,roadmap,browser,tickets,newticket,search >>> metanav = login,logout,settings,help,about >>> permission_store = DefaultPermissionStore >>> repository_dir = c:/Subversion/BDA >>> repository_type = svn >>> # request_filters = <set in global trac.ini> >>> # templates_dir = <set in global trac.ini> >>> timeout = 20 >>> >>> ----------------- >>> httpd.conf >>> ----------------- >>> <Location /svn> >>> DAV svn >>> # any "/svn/foo" URL will map to a repository /usr/local/svn/foo >>> SVNParentPath "C:/Subversion" >>> AuthzSVNAccessFile conf/svnaccess.conf >>> </Location> >>> >>> ------------------ >>> ssl.conf >>> ------------------ >>> <Location /> >>> SetHandler mod_python >>> PythonHandler trac.web.modpython_frontend >>> PythonOption TracEnvParentDir "C:/Trac" >>> PythonPath "sys.path + ['C:/Python24/Lib/site-packages/trac']" >>> PythonDebug on >>> PythonOption TracUriRoot / >>> >>> AuthType Basic >>> AuthName "Trac Requirements and Isuue Management System" >>> AuthDBMUserFile "C:/Program Files/Apache Group/Apache2/conf/users" >>> Require valid-user >>> </Location> >>> >>> Thank you very much, >>> Julie >>> >>> >>> >>> >>> >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
